Shulou (Shulou.com), 05/31 report. Updated 2025-04-10.
This article gives a concise analysis of a remote code execution vulnerability in vBulletin 5.x.
Introduction to vBulletin
vBulletin is a global leader in forum and community publishing software. Customers favor it for its security, powerful management functions and speed, and it serves more than 40,000 online communities. Many large forums choose vBulletin as their community platform. The customer list on vBulletin's official website includes the game production company EA, the game platform Steam, the Japanese multinational Sony, and NASA of the United States. vBulletin is efficient, stable and secure, and it also has many large customers in China: online forums with tens of thousands of users, such as Hummingbird, 51 Group Buying and Ocean Tribe, all use vBulletin.
Vulnerability description
On August 11, 2020, the security team tracked 0-day information about a vBulletin 5.x remote code execution vulnerability that bypasses the patch for the 2019 vBulletin vulnerability CVE-2019-16759, and rated it high-risk. This vulnerability affects all versions of the vBulletin 5.x series and has not yet been officially fixed. It allows remote attackers to execute arbitrary code, take control of the target server, or steal sensitive user information through specially crafted malicious parameters.
Vulnerability reproduction
The vulnerability was reproduced on vBulletin 5.x by executing the echo command, as shown in the figure:
[Figure: output of the echo command from the reproduction]
Scope of impact
A cyberspace search engine shows nearly 30,000 vBulletin websites exposed to the Internet worldwide. Most of them are international community forums maintained by large international enterprises, so the impact of this vulnerability is considerable.
The affected version is currently vBulletin 5.x; that is, all versions of the vBulletin 5 series are affected.
Remediation advice
vBulletin has not officially fixed this vulnerability. Affected users should watch vBulletin's official website for the latest fix: https://www.vbulletin.com/.
Temporary mitigation: vBulletin owners can prevent exploitation by changing the forum settings as follows:
1. Go to the vBulletin Manager Control Panel.
2. Click "Settings" in the left menu, and then click "Options" in the drop-down menu.
3. Select "General Settings" and then click "Edit Settings".
4. Look for "Disable PHP, Static HTML, and Ad Module rendering", set it to "YES", and save it.